However, the web shield worked. But the File System Shield did not worked. I have the component active. What could be wrong? I didn’t change any settings, it is out the box.
I have another question. Having an active firewall, it is necessary to have web shield active?
The manual scan is working, but the real time protection apparently is not. In the Avast website there is a guide to test the real time protection (not manual scan). I’ve used the guide (again, from the Avast website) and it fails. How can I be sure that the real time projection is working since the test (provided by Avast) failed? Or the guide is wrong, or the real time projection is not working correctly.
Yes it is absolutely necessary to have the web shield enabled. Your own test shows that, the web shield test worked and your firewall didn’t bat an eyelid. They are looking for completely different things.
You don’t say what eicar file was being tested ?
Some won’t be scanned by the file system shield immediately as they don’t present an immediate risk eicar.txt or eicar.zip for example. But the context (right click) menu scan will scan all files.
Without more information it is almost impossible to say what happened.
The step 4 failed. I’ve download the file normally, I even try to open the file, but no alert pop-up appeared. It should appear a pop-up, like it is described on the step 4: “An alert pop-up message appears above the Avast orange-ball icon with the text Threat Blocked, which indicates that Avast 2016 real-time protection is working properly on your computer.”
Well I have just tested it using my system with 17.4.2292 (beta build) and the web shield off so it could be downloaded. I downloaded the http and https eicar.com files and no alert with the web shield off, which I expected. But no alert for new files being added to the system by the File System Shield.
Ordinarily I would expect the avast file system shield to scan a .com file, however it didn’t. But although it has a .com file extension it isn’t actually a .com file as it only has the eicar text string within the file, in effect just a text file.
Another hiccup (possibly), I have XP set to query the launch of all executable files and that stepped in before being able to run it.
I can only assume that avast is looking for the file type marker inside the file to indicate what file type it is rather than just look at the file name (which can easily be changed to fool users). This assumption needs clarification by avast.
Although my assumption needs clarification - avast will scan executable files that have had the file type changed to say a .txt file type as windows (I believe ) doesn’t rely on just the file type to see what should launch that file. If avast are doing this it is reasonable to believe they would do the same for .com files that are actually text files.
One thing for sure is it would be confusing for users if they start to run the eicar test.
As Alikhan mentions it is reasonable to delay the scan when it is written to disk (as it isn’t active), but you experienced more than that it didn’t scan it when executed (also confirmed on my system).
If this is the current practice then avast needs to change the avastUI > Component > File System Shield settings as this states ‘Scan files when writing’ (default enabled). When a file is saved to disk (download) it is written to disk, so a user would expect it to be scanned.
Thanks for digging this out - one thing for sure that FAQ https://www.avast.com/faq.php?article=AVKB32#idt_02 needs a complete upgrade as given what you have found makes it pretty much redundant. Other than the web shield getting involved, the rest the eicar.com tests are not worth
There are still a lot of people using 32bit OSes my XP Pro SP3 (test system) did execute (but lets say ran) so it should have detected the eicar string. My Win7 SP1 system is also 32bit. Only this win10 laptop is 64bit, but this system hasn’t been updated to avast 17.x.x
Perhaps avast should add .COM files to the list by default (or in an .ini file or behind the scenes), so users can run the set of eicar tests and get the expected results instead of a shock.
I’ve tried to copy the file to a folder to another and it didn’t detect anything. Also, I don’t have the option “Optimize scanning during file copy option” in File System Shield Settings / Advanced. I have (screenshot)